[IS&T Security-FYI] SFYI Newsletter, November 23, 2009
Monique Yeaton
myeaton at MIT.EDU
Mon Nov 23 15:26:43 EST 2009
In this issue:
1. Microsoft Investigating SMB Vulnerability
2. Apple Security Updates, November 2009
3. Snow Leopard's XProtect
4. Event: SANS Application Security 2010
-------------------------------------------------------
1. Microsoft Investigating SMB Vulnerability
-------------------------------------------------------
Microsoft is investigating new public reports of a possible denial of
service vulnerability in the Server Message Block (SMB) protocol. This
vulnerability could NOT be used to take control of or install
malicious software on a user's system. However, Microsoft is aware
that detailed exploit code has been published for the vulnerability.
The company is monitoring the situation to keep customers informed and
provide customer guidance as necessary.
The advisory offers some mitigating factors to reduce the severity of
the vulnerability: Firewall best practices and standard firewall
default configurations can help protect networks from attacks. Best
practice recommends that systems that are connected to the Internet
have minimal number of ports exposed. In this case, SMB ports should
be blocked from the Internet.
Read the full advisory here:
<http://www.microsoft.com/technet/security/advisory/977544.mspx>
-------------------------------------------------------
2. Apple Security Updates, November 2009
-------------------------------------------------------
Apple released two security updates this month:
* Security Update 2009-006 / Mac OS X 10.6.2
* Safari 4.0.4
The Security Update should be applied to all computers running 10.5.8,
10.6 and 10.6.1. The Safari update was released for OS X 10.4.11,
10.5.8, 10.6.2, Windows 7, Vista and XP. It patches seven security
flaws. The most serious affects only Windows versions of the software.
More details:
<http://support.apple.com/kb/HT1222>
<http://www.networkworld.com/news/2009/111009-apple-releases-security-update-2009-006.html
>
<http://www.h-online.com/security/news/item/Apple-fixes-critical-vulnerabilities-in-Safari-857378.html
>
------------------------------------
3. Snow Leopard's XProtect
------------------------------------
With the release of OS X 10.6 (Snow Leopard), there's been some
discussion amongst security professionals about XProtect, a utility
that Apple included in the newest operating system to catch specific
forms of malware.
Apple had been known to leave malware detection to security vendors,
making the argument that because Macs are already built with
protection in mind, no malware can penetrate its system. We now know
that isn't true. Mac users need to use anti-malware software just like
other computer users.
XProtect is still very basic. To offer some protection against Trojans
while browsing dangerous websites, XProtect kicks in with a warning.
Watch this demo from Sophos to see how XProtect works:
<http://www.digitalthreat.net/?p=318>
As you will see, anti-malware software from Sophos or McAfee will do
the same job just fine. In fact, it does it even better than XProtect,
which will not catch malware delivered via torrent, IM, or external
drive.
----------------------------------------------------
4. Event: SANS Application Security 2010
----------------------------------------------------
Today, over 70% of attacks come through the application layer instead
of the operating system. Attacks on web applications constitute more
than 60% of the total attack attempts observed on the Internet. If you
and your developer team are not trained and certified to write secure
code, you are unwittingly creating weaknesses and vulnerabilities that
will enable attacks.
Learn more about this SANS course:
<http://www.sans.org/appsec-2010/>
=
=
=
========================================================================
Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB
>
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20091123/9af2ff15/attachment.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1846 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20091123/9af2ff15/attachment.bin
More information about the ist-security-fyi
mailing list